Time To Patch All Your Microsoft Gear Because The May Patch Tuesday Updates Are Out
Like the title says, today is Patch Tuesday and Bleeping Computer is reporting that May’s dump of patches is something that you should pay attention to:
Today is Microsoft’s May 2023 Patch Tuesday, and security updates fix three zero-day vulnerabilities and a total of 38 flaws.
Six vulnerabilities are classified as ‘Critical’ as they allow remote code execution, the most severe type of vulnerability.
Lovely. For commentary as to the patches that you need to pay attention to, here’s Yoav Iellin, Senior Researcher, Silverfort:
“While CVE-2023-29325 – Windows OLE Remote Code Execution vulnerability might sound fairly innocuous, we strongly recommend taking note of it due to the ease with which users could fall victim to any exploitation attempts.
With this vulnerability, the simple act of glancing at a carefully crafted malicious email in Outlook’s preview pane is enough to enable remote code execution and potentially compromise the recipient’s computer.
At this stage, we believe Outlook users will be the main attack vector, although it has the potential to be used in other Office programs as well. We recommend ensuring client’s Windows machines and Office software are fully up to date and consider following the workaround given by Microsoft while deploying the patch.
In this month’s Patch Tuesday, we’re seeing multiple vulnerabilities affecting SharePoint. CVE-2023-24950, CVE-2023-24955 and CVE-2023-24954 have caught our attention for their potential to lead to privilege escalation and remote code execution.
The first two vulnerabilities require user privileges to create a SharePoint site. Once a threat actor has obtained the credentials of a user with these privileges, they could steal the NTLM hash of the SharePoint domain user and escalate their privileges. From this stage and using the three vulnerabilities together, a threat actor could potentially achieve the SharePoint server credentials.
These vulnerabilities are all listed as “exploitation more likely”, meaning they could be good targets for threat actors looking for innovative ways to achieve lateral movement and RCE. The best mitigation for this group of vulnerabilities is the official patch issued by Microsoft.
Another vulnerability that we’ve taken note of is CVE-2023-24941 – Windows Network File System Remote Code Execution Vulnerability. With a high CVSS score of 9.8, it could be used to attack and run malicious code on a Windows file server that has NFS (Network File System) version 4.1 support enabled.
The NFS protocol is more common in Linux and Unix environments than in Windows, where SMB protocol is more common. Even so, organizations using Windows server as their NFS server should consider applying Microsoft’s fix promptly. This vulnerability does not appear to impact earlier versions, so a quick mitigation could be to disable V4.1 support, especially if apps are only using older versions of NFS. However, please consider vulnerabilities that exist in older versions.”
So if you’re responsible for making sure your Microsoft infrastructure is fully patched, you should be preparing to patch all the things, as this month has a lot of critical or worse vulnerabilities that have been addressed by Microsoft.
See you next month.
This entry was posted on May 9, 2023 at 2:25 pm and is filed under Commentary with tags Microsoft.